Powereful Cyberattack Targeted Thousands of Online Gaming Accounts
Cybercriminals are increasingly focusing their attention on the online accounts of gamers.
A new strain of malware known as BloodyStealer is increasingly being used by cybercriminals to target gamers and their online accounts, according to Kaspersky Lab researchers.
An ad for BloodyStealer was found by the experts of the cybersecurity firm in March of this year. The ad claimed that the malware could steal data from browsers such as passwords and cookies, as well as from devices such as bank cards, auto-fill data, device data, screenshots, and files from Desktop and uTorrent clients, according to Tech Radar.
Throughout spite of its youth, BloodyStealer has already been used to infect people in Europe, Latin America, and Asia. BloodyStealer can be purchased on the dark web for as little as $10 per month or as much as $40 for a "lifetime license," which has made it extremely easy for the malware's authors to distribute it.
BloodyStealer features a suite of tools meant to make it difficult to study by security researchers and law enforcement, in addition to being able to steal user data. To avoid DDoS and other web-based attacks, the malware zips up the stolen data and delivers it to a C&C server. Cybercriminals can access victims' data and online accounts through the Telegram messaging app or the basic control panel.
BloodyStealer is the most common malware used to steal gaming accounts
When it comes to the dark web's tools for stealing gaming accounts, just one stand out: BloodyStealer. Hacking forums in the dark web frequently have adverts offering to post a malicious link on a popular website or selling software that automatically produces fake login pages for phishing sites.
However, logs, which are databases containing a ton of data for login into stolen user accounts, are one of the most popular dark web items. Users' whereabouts, the length of time logs were collected, and other details are all specified in these advertising by hackers.
Access to specific gaming accounts can be sold individually or in bulk by cybercriminals. It's important to remember that accounts with plenty of games, add-ons, and expensive virtual goods are extremely valuable, even when sold at a significant discount. For example, a cybercriminal was offering to sell 208k online gaming accounts for $4000 in one ad discovered by Kaspersky in a blog post on the subject. On the black web, titles like Need for Speed Heat and Madden NFL 21 can be purchased for as little as $0.50 cents.
BloodyStealer, as well as other strains of malware and types of cyberattacks that target gamers, can be prevented by following the next recommendations:
- Enabling two-factor authentication (2FA) for online accounts
- Only downloading applications from official stores
- Being cautious of links in emails and messages from shady sources
- Checking websites for authenticity before entering your username and password